On Thu, Jul 2, 2015 at 11:42 AM, Simon Josefsson <si...@josefsson.org> wrote:
>>>>> The attached patches handle the reported issue. However, all functions
>>>>> which use g_utf8_next_char() including g_utf8_strlen() are affected.
>>>> is there anything holding this patch?
>>> I'll add it to the next release... it is cosmetic workaround for a
>>> glibc/gcc/valgrind issue, there is no bug in libidn there.
>> Hello,
>> This issue is not cosmetic. It will cause a crash on any user of
>> libidn.
> Can you give an example?

It is demonstrated by the test I originally attached (check for invalid encodings).

>> valgrind is only used to demonstrate the out-of-bounds access.
> My understanding was that valgrind hits down on glibc's optimized strlen
> optimization that reads chunks of 4 bytes instead of character by
> character. Libidn allocates only the exact length needed. So strlen
> reads out of bounds.

There is no strlen involved in that issue (the one I reported). The issue is in the usage of g_utf8_next_char() which will walk past the string boundaries for specially crafted strings.

regards,
Nikos
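
The boundary problem discussed in the message above, as an added example that is not part of the original thread or of libidn's code: a lead-byte-driven "next character" step compared with a length-checked walk. The function names, the simplified skip table and the sample string are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Sequence length implied by the lead byte alone (simplified skip table). */
static size_t utf8_skip(unsigned char lead)
{
    if (lead < 0xC0) return 1;   /* ASCII or stray continuation byte */
    if (lead < 0xE0) return 2;
    if (lead < 0xF0) return 3;
    return (lead < 0xF8) ? 4 : 1;
}

/* Offset where `while (*p) p = next_char(p);` stops. Reads only s[0..len-1];
   a result > len means the real loop stepped over the terminating NUL. */
size_t unbounded_walk_end(const char *s, size_t len)
{
    size_t off = 0;
    while (off < len && s[off] != '\0')
        off += utf8_skip((unsigned char)s[off]);
    return off;
}

/* Bounded count: -1 on a truncated sequence or bad continuation byte
   (overlong forms are not checked). */
long bounded_utf8_strlen(const char *s, size_t len)
{
    long count = 0;
    size_t off = 0;
    while (off < len) {
        size_t n = utf8_skip((unsigned char)s[off]);
        if (n > len - off)
            return -1;                       /* sequence runs past the end */
        for (size_t i = 1; i < n; i++)
            if (((unsigned char)s[off + i] & 0xC0) != 0x80)
                return -1;                   /* not a continuation byte */
        off += n;
        count++;
    }
    return count;
}

int main(void)
{
    const char bad[] = "ab\xE2";  /* constructed input: lone 3-byte lead */
    printf("walk ends at offset %zu of %zu, bounded count %ld\n",
           unbounded_walk_end(bad, 3), strlen(bad), bounded_utf8_strlen(bad, 3));
    return 0;
}
```

The simulated walk never dereferences beyond the buffer; it only reports the offset the pointer-based loop would have reached, which for the constructed input lies two bytes beyond the terminator.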